Using SSL/TLS

SSL (Secure Sockets Layer) or TLS (Transport Layer Security) is used
to secure traffic between two hosts on the Internet. For example it can
be used for securing traffic from and to an e-commerce site.

By default SSL/TLS is enabled on your account but using a self signed
certificate. That means users will be asked to trust the certificate before
using the service. A self signed certificate is like a fully signed
certificate, traffic will be fully encrypted. The only difference is it is not
trusted by web browsers, users will need to trust the certificate before using
the service.

Getting and Installing a Fully Signed Certificate

You also have the option to use a fully signed certificate with the
following condition.

A fully signed certificate signed for your domain will require
a dedicated IP address. By default your account will not have a dedicated
IP address. Please refer to our homepage or contact our sales department
to get a dedicated IP address.

You will need to get your certificate signed by a certificate
authority by yourself. They will probably ask you to give them some information
about your domain and an administrative fee.

Important

Please note that any dedicated IP address request must be
justified. We will only grant a dedicated IP address to accounts that
absolutely require fully signed SSL/TLS certificate such as e-commerce sites
or similar sites.

To install a fully signed certificate to your account please follow
the following steps.

Log on to SiteManager if you haven't already logged on.

Go to SSL/SSH/OpenPGP menu and then
SSL/TLS Settings menu.

In this page you will see the current information about your
current SSL/TLS certificate. If you haven't installed an SSL/TLS certificate it
should tell you that SSL/TLS certificate is not installed. Click on 'Install
or Renew SSL/TLS Certificate'.

In this page there are a step by step instructions you need to
take. The first step is to generate or import web server private key. Choose
accordingly from the action field and follow the instructions. Only choose
import if you already have a private key with another server.

Next, create a certificate signing request (CSR). Click on
Create on the action field. On the next screen you will be
asked information about your organization. A special field is Common Name, you
will need to enter your domain name to be used in the certificate here, you can
also enter your subdomain name here. Please note that only one domain or
subdomain may be specified here, you can't specify all of your subdomains.
Please double check the name of your domain before continuing. When done, click
on Create CSR

On the next screen you will be presented with a text box
containing a CSR block. You will need to copy this text fully (including the
BEGIN CERTIFICATE and END CERTIFICATE line.

Make the necessary arrangement with your choice of certificate
authority to get your certificate signed. You probably will need to pay them an
administrative fee. You will also need to confirm your identity, probably by
phone. Usually you will need to send them the necessary paperwork, either by
fax or by mail. You will also need to send them your certificate signing
request (CSR) at some point, usually by copying and pasting it to a web form or
sending it by email. Every certificate authorities differs in the way they
verify your information, please contact them if you need more
information.

If the certificate authority authorizes you, you will receive
an SSL/TLS certificate from them. Please save this certificate to a file and
don't lose it!

Go back to the Install SSL/TLS Certificate menu and upload the
certificate to our web server. Click on 'upload' on the right of 'Upload the
SSL certificate from certificate authority' step. On the next screen you will
be presented with a text box. Paste the SSL/TLS certificate content to this
box. Make sure you also include the lines BEGIN CERTIFICATE and END
CERTIFICATE.

(this step is optional) If the certificate authority requires
an intermediate CA certificate or server certificate chain, you will need to
upload it here. Your certificate authority will provide you with the
intermediate certificate you can upload here if required.

Activate the SSL/TLS key pair to install them to our web
server. Please wait at most one hour before the certificate gets
installed.

Warning

Do not delete your web server private key after you receive your
certificate from certificate authority. Doing so will make it completely
unusable and you will need to regenerate it again..

Note

An SSL/TLS certificate file has an expiration date. You will
need to renew your SSL/TLS certificate when it expires.